#!/bin/sh
#
#     SUSE system startup script for hawk
#     Copyright (C) 1995--2005  Kurt Garloff, SUSE / Novell Inc.
#     Copyright (C) 2009  Tim Serong, SUSE / Novell Inc.
#          
#     This library is free software; you can redistribute it and/or modify it
#     under the terms of the GNU Lesser General Public License as published by
#     the Free Software Foundation; either version 2.1 of the License, or (at
#     your option) any later version.
#			      
#     This library is distributed in the hope that it will be useful, but
#     WITHOUT ANY WARRANTY; without even the implied warranty of
#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
#     Lesser General Public License for more details.
#      
#     You should have received a copy of the GNU Lesser General Public License
#     along with this library; if not, see <http://www.gnu.org/licenses/>.
#
# /etc/init.d/hawk
#   and its symbolic link
# /(usr/)sbin/rchawk
#
# System startup script for hawk
#
# LSB compatible service control script; see http://www.linuxbase.org/spec/
# 
# Note: This template uses functions rc_XXX defined in /etc/rc.status on
# UnitedLinux/SUSE/Novell based Linux distributions. If you want to base your
# script on this template and ensure that it works on non UL based LSB 
# compliant Linux distributions, you either have to provide the rc.status
# functions from UL or change the script to work without them.
# See skeleton.compat for a template that works with other distros as well.
#
### BEGIN INIT INFO
# Provides:          hawk
# Required-Start:    $syslog $remote_fs
# Should-Start:      $time
# Required-Stop:     $syslog $remote_fs
# Should-Stop:       $time
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: hawk daemon providing web GUI for Pacemaker HA clusters
# Description:       Start hawk to provide a web GUI for the Pacemaker
#	High-Availability cluster resource manager.
### END INIT INFO


# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
LIGHTTPD_BIN=/usr/sbin/lighttpd
test -x $LIGHTTPD_BIN || { echo "$LIGHTTPD_BIN not installed"; 
	if [ "$1" = "stop" ]; then exit 0;
	else exit 5; fi; }

# Check for existence of needed config file and read it
LIGHTTPD_CONFIG=/srv/www/hawk/config/lighttpd.conf
test -r $LIGHTTPD_CONFIG || { echo "$LIGHTTPD_CONFIG does not exist";
	if [ "$1" = "stop" ]; then exit 0;
	else exit 6; fi; }

PID_FILE=/var/run/hawk.pid

# Generate a self-signed SSL certificate if necessary.  Will not
# generate certificate if one already exists, so administrator can
# install a "real" certificate by simply replacing the generated
# (combined) one at /etc/lighttpd/certs/hawk-combined.pem
# NOTE: This is essentially a heavily stripped-back shell version
# of the more generic check-create-certificate.pl script from WebYaST.
# If this latter script becomes generally available, we should prefer
# using it over this little function here.
generate_ssl_cert() {
	openssl_bin=/usr/bin/openssl
	c_rehash_bin=/usr/bin/c_rehash
	cert_file=/etc/lighttpd/certs/hawk.pem
	cert_key_file=/etc/lighttpd/certs/hawk.key
	combined_cert_file=/etc/lighttpd/certs/hawk-combined.pem
	log_file=/srv/www/hawk/log/certificate.log
	[ -e "$combined_cert_file" ] && return 0

	echo "No certificate found. Creating one now."
	mkdir -p $(dirname $combined_cert_file)

	old_mask=$(umask)
	umask 177
	CN=$(hostname -f)
	[ -z "$CN" ] && CN=$(hostname)
	[ -z "$CN" ] && CN=localhost
	$openssl_bin req -newkey rsa:2048 -x509 -nodes -days 1095 -batch -config /dev/fd/0 -out $cert_file -keyout $cert_key_file >$log_file 2>&1 <<CONF
[req]
distinguished_name = user_dn
prompt = no
[user_dn]
commonName=$CN
emailAddress=root@$CN
organizationName=HA Web Konsole
organizationalUnitName=Automatically Generated Certificate
CONF
	rc=$?
	if [ $rc -eq 0 ]; then
		cat $cert_key_file $cert_file > $combined_cert_file
		[ -x "$c_rehash_bin" ] && $c_rehash_bin $(dirname $combined_cert_file) >/dev/null 2>&1
	else
		echo "Could not generate certificate.  Please see $log_file for details"
	fi
	umask $old_mask
	return $rc
}

print_hawk_url() {
	IFC=$(LC_ALL=C route -n | grep "^0\.0\.0\.0" | tr -s " " | cut -d " " -f 8)
	IP=$(LC_ALL=C ifconfig $IFC | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 1)
	PORT=$(LC_ALL=C grep "^server.port" $LIGHTTPD_CONFIG | cut -d " " -f 3)
	if [ -n "$IP" ]; then
		echo -e "\t${done}hawk is running at https://$IP:$PORT/${norm}"
	else
		echo -e "\t${warn}hawk could not determine the IP address for $IFC${norm}"
	fi
}

# Source LSB init functions
# providing start_daemon, killproc, pidofproc, 
# log_success_msg, log_failure_msg and log_warning_msg.
# This is currently not used by UnitedLinux based distributions and
# not needed for init scripts for UnitedLinux only. If it is used,
# the functions from rc.status should not be sourced or used.
#. /lib/lsb/init-functions

# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     be verbose in local rc status and clear it afterwards
#      rc_status -v -r  ditto and clear both the local and overall rc status
#      rc_status -s     display "skipped" and exit with status 3
#      rc_status -u     display "unused" and exit with status 3
#      rc_failed        set local and overall rc status to failed
#      rc_failed <num>  set local and overall rc status to <num>
#      rc_reset         clear both the local and overall rc status
#      rc_exit          exit appropriate to overall rc status
#      rc_active        checks whether a service is activated by symlinks
. /etc/rc.status

# Reset status of this service
rc_reset

# Return values acc. to LSB for all commands but status:
# 0	  - success
# 1       - generic or unspecified error
# 2       - invalid or excess argument(s)
# 3       - unimplemented feature (e.g. "reload")
# 4       - user had insufficient privileges
# 5       - program is not installed
# 6       - program is not configured
# 7       - program is not running
# 8--199  - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
# 
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.

case "$1" in
    start)
    	generate_ssl_cert || {
    		rc_failed
    		rc_status -v
    		rc_exit
    	}
	echo -n "Starting hawk "
	## Start daemon with startproc(8). If this fails
	## the return value is set appropriately by startproc.
	/sbin/startproc -p $PID_FILE $LIGHTTPD_BIN -f $LIGHTTPD_CONFIG

	# Remember status and be verbose
	rc_status -v

	if test "$?" -eq 0; then
		print_hawk_url
	fi
	;;
    stop)
	echo -n "Shutting down hawk "
	## Stop daemon with killproc(8) and if this fails
	## killproc sets the return value according to LSB.

	/sbin/killproc -TERM -p $PID_FILE $LIGHTTPD_BIN

	# Remember status and be verbose
	rc_status -v
	;;
    try-restart|condrestart)
	## Do a restart only if the service was active before.
	## Note: try-restart is now part of LSB (as of 1.9).
	## RH has a similar command named condrestart.
	if test "$1" = "condrestart"; then
		echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
	fi
	$0 status
	if test $? = 0; then
		$0 restart
	else
		rc_reset	# Not running is not a failure.
	fi
	# Remember status and be quiet
	rc_status
	;;
    restart)
	## Stop the service and regardless of whether it was
	## running or not, start it again.
	$0 stop
	$0 start

	# Remember status and be quiet
	rc_status
	;;
    force-reload)
	## Signal the daemon to reload its config. Most daemons
	## do this on signal 1 (SIGHUP).
	echo -n "Reload service hawk "
	killproc -HUP -p $PID_FILE $LIGHTTPD_BIN
	rc_status -v
	;;
    reload)
	## Like force-reload, but if daemon does not support
	## signaling, do nothing (!)
	echo -n "Reload service hawk "
	killproc -HUP -p $PID_FILE $LIGHTTPD_BIN
	rc_status -v	
	;;
    status)
	echo -n "Checking for service hawk "
	## Check status with checkproc(8), if process is running
	## checkproc will return with exit status 0.

	# Return value is slightly different for the status command:
	# 0 - service up and running
	# 1 - service dead, but /var/run/  pid  file exists
	# 2 - service dead, but /var/lock/ lock file exists
	# 3 - service not running (unused)
	# 4 - service status unknown :-(
	# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
	
	# NOTE: checkproc returns LSB compliant status values.
	/sbin/checkproc -p $PID_FILE $LIGHTTPD_BIN
	# NOTE: rc_status knows that we called this init script with
	# "status" option and adapts its messages accordingly.
	rc_status -v

	if test "$?" -eq 0; then
		print_hawk_url
	fi
	;;
    *)
	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
	exit 1
	;;
esac
rc_exit

